Date: 14 Nov 2005 10:13:37 -0500
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: aj@siegel-tech.net
Cc: freebsd-questions@freebsd.org
Subject: Re: In a bit of a bind - DNS problems and ipfw
Message-ID: <44acg79s9q.fsf@be-well.ilk.org>
In-Reply-To: <200511122338.49766.bulk_mail@siegel-tech.net>
References: <200511122338.49766.bulk_mail@siegel-tech.net>
Aaron Siegel <bulk_mail@siegel-tech.net> writes:

> Hello
>
> I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a
> custom firewall (ipfw) or the "Simple" firewall through rc.firewall my
> clients are unable to resolve DNS, whereas DNS does work with the "Open" ruleset
> that is provided by rc.firewall. I created the custom firewall rules a couple
> of years ago and they worked fine under 4.11, but after the upgrade I have not
> been able to get them to work.
>
> I'm sure I am doing something stupid but I am not smart enough to solve it at
> the moment.
>
> Thank you
> Aaron Siegel
>
> Custom firewall rules
> #Allow DNS
> $cmd 019 allow tcp from any to any 53 out via $pif
> $cmd 018 allow udp from any to any 53 out via $pif

You need to let the replies back in.  Try keep-state.

> /etc/rc.conf
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="dc0"
>
> ifconfig_dc0="192.168.0.2" #public interface
> ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0" #private interface
>
> /etc/rc.conf
> I have commented out the following lines
> #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

Why?
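The keep-state fix Lowell suggests, written out as an added example (not code from the thread): the two quoted DNS rules beside their stateful replacements, plus a stateless variant. It assumes ipfw2 syntax as shipped with FreeBSD 5.x and uses the poster's public interface dc0 as $pif; by default it only prints the rules (dry run), and setting IPFW=ipfw applies them.

```shell
#!/bin/sh
# Added example, not from the thread. Mirrors the rc.firewall conventions the
# poster uses: $pif is the public interface, $cmd prefixes each rule.
# Assumption: IPFW defaults to a dry run that echoes the commands instead of
# loading them; run with IPFW=ipfw (as root) to apply for real.
pif="dc0"
IPFW="${IPFW:-echo ipfw}"
cmd="$IPFW -q add"

# Stateful version of the poster's DNS rules.
dns_rules() {
    # check-state must precede the stateful rules so that a reply packet that
    # matches a dynamic entry is accepted before the default-deny rule is hit.
    $cmd 010 check-state
    # Original rules (allow the query out, but nothing lets the answer back in
    # under a default-deny ruleset):
    #   $cmd 019 allow tcp from any to any 53 out via $pif
    #   $cmd 018 allow udp from any to any 53 out via $pif
    # keep-state records the flow so the matching reply is admitted.
    $cmd 018 allow udp from any to any 53 out via $pif keep-state
    $cmd 019 allow tcp from any to any 53 out via $pif setup keep-state
}

# Stateless alternative: explicitly allow replies from port 53 back in.
dns_rules_stateless() {
    $cmd 018 allow udp from any to any 53 out via $pif
    $cmd 020 allow udp from any 53 to any in via $pif
    $cmd 019 allow tcp from any to any 53 out via $pif
    $cmd 021 allow tcp from any 53 to any in via $pif established
}

# With natd_enable="YES" the divert rule for natd must still come before these
# rules, as rc.firewall does for its own rulesets.
dns_rules
```

Load the rules with `IPFW=ipfw sh dns-rules.sh` and inspect the dynamic entries with `ipfw -d show` while a client resolves a name.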
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44acg79s9q.fsf>